Restoring Services on a Stripped-Down Operating System: Starting with Reinstalling the Secondary Logon Service

Posted on February 13, 2009 in IT

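Yesterday I ran into a situation where a program had to start automatically at boot under a different user's identity. To be concrete: the machine boots straight into A's desktop, but a piece of software has to run as B so that I can use it after logging in remotely as B. A quick search showed that the runas command can handle this, so I typed runas at the command line. No such command; it had been stripped out. I copied it over from another system and hit a new problem, the error: (1060) The specified service does not exist as an installed service. So which service does it depend on? A search turned it up: Secondary Logon. I had stripped it out before installing the system, and now I had to get it back. What a hassle.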

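Time to get to work. Services all live in the registry, so I searched a friend's 2003 Server system (XP and 2003 are largely interchangeable here) and found 7 related registry locations in total. I saved them as 7 .reg files, downloaded them and went through them one by one. The main ones are these: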

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,41,00,75,00,\……
For this one, it is best to add seclogon to the netsvcs value by hand.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECLOGON]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECLOGON\0000]
"Service"="seclogon"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000020
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="Secondary Logon"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECLOGON\0000\Control]
"ActiveService"="seclogon"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]
"Description"="启用替换凭据下的启用进程。如果此服务被终止,此类型登录访问将不可用。如果此服务被禁用,任何依赖它的服务将无法启动。"
"DisplayName"="Secondary Logon"
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Objectname"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ServiceMain"="SvcEntry_Seclogon"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Enum]
"0"="Root\\LEGACY_SECLOGON\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

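Once these are imported, the Secondary Logon service already shows up under Control Panel - Services. Don't rush to start it, though: the two files sclgntfy.dll and seclogon.dll still have to be copied over and registered with regsvr32. After a reboot, the Secondary Logon service was dutifully running.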

This time the runas command ran and the program started normally. Problem solved.
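
As an added example (not part of the original post): the hex(2) and hex(7) values in a .reg export are UTF-16LE strings, and decoding them before importing an export taken from another machine shows exactly which binary and DLL the service will load. The Python sketch below decodes the ImagePath and ServiceDll values listed above; the function names are my own, and svchost_group is a hypothetical helper.

```python
import re

# Two values copied from the export above (straight quotes, as regedit writes them).
REG_TEXT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,\
00
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\((?P<kind>[27])\):(?P<hex>.*)$')

def decode_string_values(reg_text):
    """Return {(key, value_name): text-or-list} for every hex(2)/hex(7) value."""
    # Join regedit's backslash line continuations before parsing line by line.
    joined = re.sub(r'\\\s*\n\s*', '', reg_text)
    out, key = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue  # dword and plain string values are already readable
        raw = bytes(int(b, 16) for b in m['hex'].split(',') if b.strip())
        text = raw.decode('utf-16-le').rstrip('\x00')
        # hex(7) is REG_MULTI_SZ (NUL-separated list); hex(2) is REG_EXPAND_SZ.
        out[(key, m['name'])] = text.split('\x00') if m['kind'] == '7' else text
    return out

def svchost_group(image_path):
    """Return the svchost group named after -k, or None if not svchost-hosted."""
    m = re.search(r'svchost\.exe\s+-k\s+(\S+)', image_path, re.IGNORECASE)
    return m.group(1) if m else None

if __name__ == '__main__':
    for (key, name), value in decode_string_values(REG_TEXT).items():
        print(f'{key}\n  {name} = {value!r}')
```

The decoded ImagePath ends in `-k netsvcs`, which is why seclogon also has to be listed in the netsvcs value under the SvcHost key.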

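Recovering a missing service is actually not complicated: first, copy the relevant registry entries over from a normal system that has the service installed; second, gather all the files the service needs to start. I have only used the Secondary Logon service as an example here; other services can be installed the same way. Thanks for reading!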